Labels

vrijdag 16 mei 2014

International -ongoing- BlackShades customers raid -Summary

Rumours within the cybercrime underground started to appear early May about people getting arrested and their equipment getting seized. Nothing uncommon so far, apart from that this time more and more people started to arise, with all the same stories, everywhere from Europe. At one point people even started posting 'proof'. Convincing proof.
If all turns out to be true we are being witness of one of the biggest international raids -ever- related to cybercrime.

Below is a summary of what the uproar is about. It contains user posts on different unrelated forums. 'Proof' users posted, some news articles that could be related, and probably most convincing, a domain seized by the FBI.

The domain bshades.eu went offline on Wednesday. According to its whois information the domain is seized by the FBI:

Most uproar is on hackforums.net where a dozen topics have been started some with even more than 70 pages of comments and more and more people showing up saying they have been a victim of the raid.
The image below show a Dutch hackforums user saying he was victim of the raid.

The officer that signed the document is indeed, according to his linkedin profile, a ICT investigator.

This user from Finland posts another piece of 'proof'.

According to Mikko Hypponen this translates to: "It's a warrant for search and seizure, related to 'importing Blackshades XXXX' into Finland."

Below is a picture of someone claiming the Police is in front of his house because of a search warrant regarding BlackShades, as proof he posts this picture.

Here's a German user posting evidence of his arrest:

Another German person posting his comments:

And last one, here's a Dutch user talking about his arrest on a sole Dutch forum.

Then the newspapers. Most remarkable is that only French newspaper RTL seems to have inside information. They reported about a raid going on in France with in France alone 70 search warrants(!!) related to the use of BlackShades malware.